At Rendition Infosec, we understand the value of grouping attacks into campaigns. We also enjoy a good laugh. We noticed that a lot of people REALLY want to be able to point a finger at a particular attack group/country/etc. during an attack. We know, it feels good to blame China.
But seriously: most of the time knowing the specific attacker who hit your organization won't help you recover your data or protect your network. Understanding their TTP's? Yeah, that will help. Knowing what type of data they are after? Again, yeah that helps. Knowing the specific group, or the names of the hackers? Nope. That is very unlikely to help. Getting photos of them and home addresses for executive briefings? Media pimping at its very best. And absolutely ridiculous.
That is unless you want to hack back. As Rendition's Brandon McCrillis likes to say, hacking back is like picking a fist fight with a clown. Even when you win, you still lose.
So why all the emphasis around attribution? Doesn't matter. Some people are going to fervently disagree and think that we are making a mockery of threat intelligence. And we sort of are (but only bad threat intelligence, which arguably isn't threat intel anyway). But like we said, we like a good laugh. We saw attribution dice and thought the community needed an online version (real dice don't have enough room to be this much fun). So here it is. Enjoy. And if you have suggestions for options to add to the attribution randomness, contact us.